<?php
 /******************************************************************************
 *   GunCMS is an avid supporter of open source software. This is the appropriate 
 *   option if you are creating an open source application with a license 
 *   compatible with the GNU GPL license v3.
 *   For details http://www.gnu.org/licenses/gpl.html
 *   DO NOT USE FOR COMMERCIAL WITHOUT PERMISSION
 *
 * GunCMS Version 1.0.3
 * Copyright(c) 2009-2010, T & L GdbR
 * info@guncms.de
 * 
 * http://www.guncms.de
 ********************************************************************************/
ob_start();
session_start();

	require_once("../configuration.php");
	require_once("../includes/db/constants.php");
	require_once("model/BgcmsUserBean.class.php");


	$pwd = null;
	$rememberme = null;
 
	@$rememberme = $_POST['rememberme'];

	unset($_SESSION['user_id']);
	unset($_SESSION['user_name']);
	unset($_SESSION['user_isadmin']);
	unset($_SESSION['error']);
	
	if(isset($_POST['user_name']) && $_POST['user_name'] != "") {
		$user = BgcmsUserBean::get_user_by_name($db, $_POST['user_name']);		
		if($user != null) {
			$passCrypted = $user->user_password;
			if(crypt($_POST['user_pass'], $passCrypted) == $passCrypted) {
				$_SESSION['user_id'] = $user->user_id;
				$_SESSION['user_name'] = $user->user_name;
				$_SESSION['user_isadmin'] = $user->is_admin;
				$_SESSION["LC_ALL"] = 'en';
				if($rememberme == "forever") {
					$expire = time()+60*60*24*30;
					setcookie("gcms[user_id]", $user->user_id, $expire);
					setcookie("gcms[user_name]", $user->user_name, $expire);
					setcookie("gcms[user_isadmin]", $user->is_admin, $expire);
				} else {
					setcookie("gcms[user_id]", "");
					setcookie("gcms[user_name]", "");
					setcookie("gcms[user_isadmin]", "");
				}
			} else {
				$_SESSION['error'] = _("Invalid username or password.");
			}
		} else {
			$_SESSION['error'] = _("Invalid username or password.");
		}
	} else {
		$_SESSION['error'] = _("Please type the username.");
	}
	
	if($_POST['redirect_to'] == "") {
		ob_clean();
		header("Location: ./");
	} else {
		ob_clean();
		header("Location: ./?" . $_POST['redirect_to']);
	}
		 
ob_end_flush();
?>
